If you have reason to be concerned that your Google accounts are vulnerable to attack, you have options beyond strong password managers and two-factor authentication. Google's Advanced Protection Program promises the ultimate in security for those most at risk of exposure. In this guide, we'll show you how to get it set up on your account and bring up some important factors to consider before doing so.
Products used in this guide
- From the source: Google Titan Security Key Bundle ($50 at Google)
- You be protected: YubiKey 5C ($50 at Amazon)
- You be safe: Yubico Security Key NFC ($27 at Amazon)
How to sign up for Google's Advanced Protection Program
Setting up Google's Advanced Protection Program is simple and only takes a few minutes.
- Log in to your Google account on your computer (we recommend doing this on a laptop or desktop rather than a mobile device).
- Navigate to google.com/advancedprotection.
- Click on Get Started.
- You will see a brief explanation of the program, where you can opt in or leave. Click Next.
- Here you will be asked to purchase and/or register two security keys. Google favors their own Titan Security Keys, but there are other great options as well from companies like Yubico (see recommendations below). Any security keys that support the FIDO open standard should be compatible.
- If you have an Android phone running 7.0 or higher, then you have another security key built in to your phone. If you use an iPhone running iOS 10.0 or higher, you'll need to download and install the Google Smart Lock app.
- Once you have your security keys in hand, register them to your account by clicking the blue Register Security Keys button.
- Click Add Security Key and follow the onscreen instructions.
- Connect the key to your computer, and tap the button on the key to confirm the connection.
- Name the key in your Google account on screen.
- Click Done to confirm setup.
- Repeat this process for any backup keys you have.
- Review the changes that come with the Advanced Protection Program (such as the fact that some apps might no longer work as intended due to permission issues).
- Click Turn On to complete the security key activation.
- Sign in to all of your Google accounts and devices with your newly registered security keys.
Google recommends that you register at least two keys so that you always have a backup in case you lose one, or heaven forbid, you lose your phone. If you do happen to lose all of your security keys and still have access to a computer that is logged into your account, Google suggests that you register additional replacement keys. However, if you are not able to access a computer that you are still logged into, you'll have to submit a formal request to Google, which may take several days. Don't get caught in this circumstance!
Keep these points in mind
While protecting your data by any means available is a smart thing to do, it's important to remember a few key points before you run off and sign up for the Advanced Protection Program.
First reminder: not everyone needs to do this. For most people, following this sage advice should be enough protection: 1) use complicated and unique passwords; 2) rely on a password manager to keep your passwords safe and secure; and 3) use two-factor authentication to ensure that even if someone does get your login and password info, they can't actually access your account.
The Advanced Protection Program is intended for those people who are most at risk for direct, targeted attacks. These might include politicians, political activists, celebrities, journalists, and other public figures. It could also include witnesses, abuse victims, or whistleblowers. If you don't fall under one of these categories, the program might be overkill for you.
Second reminder: it can be a huge pain in the a%#!. When you first sign up for the program, you will be automatically logged out of all your Google services everywhere — no exceptions. It's important you know that going into this exercise, as it can cause significant disruptions to your workflow. Some apps that you rely on may lose functionality, as Google limits access to apps like Mail, Maps, and Drive to Google's apps or certain trusted apps and developers. For example, apps like TripIt may no longer work as intended if you have enabled the Advanced Protection Program.
Additionally, you will have to remember to carry your security key with you at all times to authenticate your account, and you may be prompted to re-authenticate at unexpected times. If you're without it, you'll be stuck on the outside looking in.
Third reminder: If you're a G Suite user, check with your IT team first! Generally speaking, IT departments frown upon employees downloading software or making account changes that they haven't approved first. Chances are, they already have established their own security protocols that they want you to follow. Listen to them — that's their job after all.
Don't forget that if you do enable the Advanced Protection Program on a G Suite account, you will likely be asked to authenticate repeatedly throughout the day. As you can imagine, this can cause significant strain on your workflow and productivity. I have colleagues that have to do this every hour, on the hour, and they're not too happy about that!
Stay safe folks!
Now you know all of the benefits of the Advanced Protection Program, as well as some of its key drawbacks. It's up to you to make the security decisions you deem most appropriate for your lifestyle, but at least now you have some additional tools that you can use if you need them.
Our top equipment picks
As you've seen, there are several different options for having secondary security keys for Google's Advanced Protection Program. We recommend getting the Titan Security Key Bundle directly from Google, but Yubico also makes some great options that you should consider.
Made by Google
Engineered by Google for ultimate security
Google's Titan Security Keys have baked-in security features based on FIDO open standards, so you can trust that they are going to be among the most secure around.
You can't go wrong by selecting your security key from the security platform provider, and indeed, Google's Titan security has set the standard for safekeeping data at the micro and macro scales. Note that Google offers several different versions of the Titan keys, so if you don't need the bundle, you can get just what you need for cheaper.
A top-tier USB-C key
Yubico is well-known for making some of the best security products in the business. This key is FIDO certified and works with pretty much any operating system and password manager you can think of. Yep, that one too.
Yubico is a private Swedish company that has been making security products for nearly ten years. Their devices conform to many open standards and protocols and are considered some of the best available.
USB and NFC
A two-in-one solution
This affordable key is an excellent solution whether you have a Chromebook or laptop with USB-A ports (lucky you!) or a mobile device with NFC capabilities.
Insert this key into your computer's USB-A port and tap on the key with your finger for authentication, or tap the key against your mobile device with NFC to authenticate your accounts.
Don't forget to visit the Google Advanced Protection Program page and sign up if you want the ultimate in online protection. Also, get yourself a good password manager like 1Password if you haven't already.
Google Advanced Protection Program (Free at Google)
Safeguard your Google account from targeted attacks and phishing. This simple step can save you a ton of headaches and heartaches down the road.
1Password (From $3 per month)
1Password is one of our favorite password managers and works on all platforms. Get yourself an individual plan, or upgrade to a family or team plan to cover more of your contacts.
Jeramy is proud to help *Keep Austin Weird* and loves hiking in the hill country of central Texas with a breakfast taco in each hand. When he's not writing about smart home gadgets and wearables, he's defending his relationship with his smart voice assistants to his family. You can follow him on Twitter at @jeramyutgw.